Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoT and Supply Chain Risk Management

Published byFrida Davidsen Modified over 4 years ago

Similar presentations

Presentation on theme: "IoT and Supply Chain Risk Management"— Presentation transcript:

1 IoT and Supply Chain Risk Management
MBS-F01 IoT and Supply Chain Risk Management Daniel Kroese Associate Director, National Risk Management Center Cybersecurity and Infrastructure Security Agency DHS @dgkroese

2 Setting the Stage Cybersecurity Supply Chain Risk Management (C-SCRM) has emerged as a central issue in cybersecurity and infrastructure protection issues. The severity of the threat landscape is real and becoming more widely understood. Tens of billions (and growing) connected devices globally and enhanced IoT connectivity through 5G will only increase the need for organizations to better understand their digital footprint and associated IoT risks. DHS – through the Cybersecurity and Infrastructure Security Agency – leads the national effort to defend our critical infrastructure against the threats of today while working with partners to secure against the evolving risks of tomorrow. Cybersecurity Supply Chain Risk Management, features prominently in this mission.

3 Recent Developments 2019 is shaping up to the “year of supply chain.”
The enactment in late 2018 of the Federal Acquisition Supply Chain Security Act is significant. The ICT Supply Chain Risk Management Task Force sponsored by CISA brings together 40 of the largest players in the IT and Communications Sectors and 20 supply chain leaders across the federal government.

4 The Power of Federal Procurement
Some market moving ability – annual government IT spend close to $100 billion per year. Reputational benefits for IoT manufacturers to maintain productive partnerships with the federal government. The power of setting a visible “North Star” can lead to voluntary change in behavior without additional requirements – e.g. Kaspersky Labs Binding Operational Directive (BOD) issued in September 2017 was followed by private sector entities not mandated by the scope of the BOD.

5 IoT Examples HVAC Smart TV Connected Car
A modern heating and cooling system uses digital technology for both sensor and control functions; thermostats are no longer operated by coil-metal thermometers and physical switches. Smart TV Currently, most televisions for sale contain “smart” functionality and include applications for various video content providers and often provide interactive functionality including microphones and cameras. Connected Car Vehicles 1) interact with surrounding technology and physical environment, 2) connect with driver or passenger devices to perform functions, and 3) collect information via sensors to communicate back to a central organization (e.g. fleet management).

6 IoT versus ICT For IoT, focus on the “thing”
For example, a connected car would be considered IoT while the components that enable the connectivity are ICT. Many IoT and ICT risks are similar. However, some of the risks introduced by IoT devices, systems, and services differ from ICT - .e.g. the specific challenges associated with connecting IoT to operational and legacy systems.

7 Potential IoT Vulnerabilities
Important IoT technology security considerations include: Poor design (use of plaintext and hard-coded passwords). Coding flaws (buffer overflows and command injection). Inconsistent patching of software.

8 The IoT Threat Distributed Denial of Service (DDoS)
Data Manipulation and Privacy Leakage Third Party Access and Control

9 The IoT Buyers Guide Joint effort between DHS, IT SCC, and IT GCC
Core audience is the acquisition team at federal agencies Recommended framework is non-binding and voluntary

10 IoT Acquisition Lifecycle
Assess Need Purpose identification and connectivity determination Analyze & Select Acquisition planning and requirements development Obtain Solicitation development and contract award Deploy and Support Contract administration and closeout Continually monitor and manage risks throughout the lifecycle

11 Acquisition Lifecycle – Key Threshold Issues
Mission: For what purpose is the IoT technology being procured? Network/System: Is the IoT technology intended to be connected? Information Sharing: Is the IoT technology collecting sensor data that is sent elsewhere? Operating Risk: Is the IoT technology controlling physical items as part of its functionality?

12 IoT Technology Issues Type and Control of Connectivity
Third Party Services and Data Management Patching General Vendor Cybersecurity Practices Security of Devices, Systems, Services, and Communications

13 Applying this Framework for Smarter IoT Acquisition
Understanding IoT cybersecurity concerns across the entire acquisition lifecycle is paramount. The entire Acquisition Team should have access to and knowledge of risk-informed, decision-making methods when procuring, deploying, using, and sustaining IoT. Apply a risk management lens to supply chain analysis.

Download ppt "IoT and Supply Chain Risk Management"

Similar presentations

Enhancing Integrity in Public Procurement OECD Recommendation and Toolbox Elodie Beth Administrator Integrity Public Governance and Territorial Development.

Enhancing Integrity in Public Procurement OECD Recommendation and Toolbox Elodie Beth Administrator Integrity Public Governance and Territorial Development.
Orlando, FL April 7 – 10, 2013 Document Lifecycle Strategies Delivering savings & efficiencies across your campus.

Orlando, FL April 7 – 10, 2013 Document Lifecycle Strategies Delivering savings & efficiencies across your campus.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Corporate Responsibility and Third Party Relationships GSK and Contract Manufacturers James Hagan Vice President Corporate Environment, Health & Safety.

Corporate Responsibility and Third Party Relationships GSK and Contract Manufacturers James Hagan Vice President Corporate Environment, Health & Safety.
Strategies for Innovation Sourcing 30 August 2007 Paul McGowan Center for Innovative Technology Herndon, VA / 703-689-3070 Strategies.

Strategies for Innovation Sourcing 30 August 2007 Paul McGowan Center for Innovative Technology Herndon, VA / Strategies.
Cyber Risk Management Solutions Fall 2015 Thomas Compliance Associates, Inc. 2015.

Cyber Risk Management Solutions Fall 2015 Thomas Compliance Associates, Inc
CNCI-SCRM STANDARDIZATION Discussion Globalization Task Force OASD-NII / DoD CIO Unclassified / FOUO.

CNCI-SCRM STANDARDIZATION Discussion Globalization Task Force OASD-NII / DoD CIO Unclassified / FOUO.
Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.

Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.
CAMPUS LAN DESIGN GUIDE Design Considerations for the High-Performance Campus LAN.

CAMPUS LAN DESIGN GUIDE Design Considerations for the High-Performance Campus LAN.
Shekhar Dasgupta Managing Director Oracle India Ltd. November 4 th, 2003 Public Private Partnership e-Governance Summit, IT.COM.

Shekhar Dasgupta Managing Director Oracle India Ltd. November 4 th, 2003 Public Private Partnership e-Governance Summit, IT.COM.
© 2016 Global Market Insights, Inc. USA. All Rights Reserved IoT in Retail Market to exceed $30bn by 2024: Global Market Insights Inc.

© 2016 Global Market Insights, Inc. USA. All Rights Reserved IoT in Retail Market to exceed $30bn by 2024: Global Market Insights Inc.
SDN & NFV Driving Additional Value into Managed Services.

SDN & NFV Driving Additional Value into Managed Services.
Developing Smart Cities – Technology and Security

Developing Smart Cities – Technology and Security
© 2016 Global Market Insights, Inc. USA. All Rights Reserved IoT in Manufacturing Market grow at 20% CAGR from 2017 to 2024: Global.

© 2016 Global Market Insights, Inc. USA. All Rights Reserved IoT in Manufacturing Market grow at 20% CAGR from 2017 to 2024: Global.
Society for Maintenance and Reliability Professionals (SMRP)

Society for Maintenance and Reliability Professionals (SMRP)
Customer Experience: Create a digitally led customer experience

Customer Experience: Create a digitally led customer experience
Proposed Updates to the Framework for Improving Critical Infrastructure Cybersecurity (Draft Version 1.1) March 2017 cyberframework@nist.gov.

Proposed Updates to the Framework for Improving Critical Infrastructure Cybersecurity (Draft Version 1.1) March 2017
Privacy and Public Policy Implications of IoT

Privacy and Public Policy Implications of IoT
Remarks by Dr Mawaki Chango Kara University DigiLexis Consulting

Remarks by Dr Mawaki Chango Kara University DigiLexis Consulting

Similar presentations

Ads by Google